DO NOT MERGE YET: V2 Changes

.dockerignore

@@ -0,0 +1,4 @@
+.git/
+helm/
+.venv/
+.github/

.github/workflows/deploy_sidecar.yml

@@ -0,0 +1,59 @@
+name: Deploy sidecar for client
+on:
+  workflow_dispatch:
+    inputs:
+      pdp_key:
+        description: 'Provide a PDP_API_KEY env var'
+        required: true
+        type: string
+      name:
+        description: 'Provide the name of the sidecar'
+        required: true
+        type: string
+
+env:
+  AWS_REGION: "us-east-2"
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  deploy-new-sidecar:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+
+      - name: AWS Auth - Assume OIDC Github Role
+        uses: aws-actions/configure-aws-credentials@v1.6.1
+        with:
+          role-to-assume: ${{ secrets.ROLE_ARN }}
+          aws-region: ${{ env.AWS_REGION }}
+          role-session-name: githubactions
+
+      - name: Amazon ECR Login - Root Account
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - uses: azure/k8s-set-context@v2
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBE_CONFIG }}
+          context: prod
+
+      - name: Helm Dependency Build
+        shell: bash
+        env:
+          NAMESPACE: permitio
+        run:
+          helm dependency build ./helm/ ;
+
+      - name: Helm Install
+        shell: bash
+        env:
+          NAMESPACE: sidecars
+          CHART_DIR: ./helm
+        run:
+          helm upgrade --install -f ${{ env.CHART_DIR }}/values-prod.yaml ${{ inputs.name }}-sidecar ${{ env.CHART_DIR }} -n ${{ env.NAMESPACE }} --wait --set expose.dnsHostName="${{ inputs.name }}-sidecar.permit.io" --set config.env.PDP_API_KEY="${{ inputs.pdp_key }}"

.github/workflows/helm_release.yml

@@ -0,0 +1,34 @@
+name: Helm Release Workflow
+
+on:
+  push:
+    paths:
+      - 'charts/pdp/Chart.yaml'
+
+jobs:
+  helm-release:
+    if: github.event_name == 'push' && github.ref == 'refs/heads/v2'
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "elimoshkovich"
+          git config user.email "eli@permit.io"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.6.0
+        env:
+          CR_TOKEN: "${{ secrets.PAGES }}"
+        with:
+          skip_existing: true
+          mark_as_latest: false

.github/workflows/release.yml

@@ -0,0 +1,146 @@
+name: Build and Push PDP Docker Image
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  pdp-tests:
+    # Call the reusable tests workflow.
+    uses: ./.github/workflows/tests.yml
+    secrets: inherit
+
+  build-and-push-pdp-vanilla:
+    needs: pdp-tests
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - name: Pre build - for PDP-Vanilla
+      run: echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version
+
+    - name: Build and push PDP-Vanilla - (official release)
+      if: "!github.event.release.prerelease"
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: .
+        platforms: linux/amd64,linux/arm64
+        tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }}, permitio/pdp-v2-vanilla:latest
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Build and push PDP-Vanilla image - (pre-release)
+      if: "github.event.release.prerelease"
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: .
+        platforms: linux/amd64,linux/arm64
+        tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+  build-and-push-pdp:
+    needs: pdp-tests
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+    - uses: actions/checkout@v3
+      with:
+        repository: permitio/permit-opa
+        ref: main
+        path: './permit-opa'
+        token: ${{ secrets.CLONE_REPO_TOKEN }}
+
+    - name: Pre build PDP
+      run: |
+        echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version
+        rm -rf custom
+        mkdir custom
+        build_root="$PWD"
+        cd ./permit-opa
+        find * \( -name '*go*' -o -name 'LICENSE.md' \) -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*'
+
+    - uses: robinraju/release-downloader@v1
+      with:
+        repository: permitio/datasync
+        latest: true
+        fileName: factstore_server*
+        token: ${{ secrets.CLONE_REPO_TOKEN }}
+        out-file-path: "factdb"
+
+    - name: Build and push PDP image - (pre-release)
+      if: "github.event.release.prerelease"
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: .
+        platforms: linux/amd64,linux/arm64
+        build-args: |
+          ALLOW_MISSING_FACTSTORE=false
+        tags: permitio/pdp-v2:${{ github.event.release.tag_name }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Build and push PDP image - (official release)
+      if: "!github.event.release.prerelease"
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        context: .
+        platforms: linux/amd64,linux/arm64
+        build-args: |
+          ALLOW_MISSING_FACTSTORE=false
+        tags: permitio/pdp-v2:${{ github.event.release.tag_name }},permitio/pdp-v2:latest
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+  update-pdp-api-ecs-service:
+    needs: build-and-push-pdp
+    runs-on: ubuntu-latest
+    if: "!github.event.release.prerelease"
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.PDP_CICD_AWS_ROLE }}
+          aws-region: us-east-1
+
+      - name: Redeploy ECS service - pdp-general-redoc-service
+        run: |
+          aws ecs update-service \
+            --cluster public-pdps-us-east-1 \
+            --service pdp-general-redoc-service-731a74c \
+            --force-new-deployment

.github/workflows/test_release.yml

@@ -0,0 +1,28 @@
+name: Helm test
+
+on:
+  pull_request:
+    paths:
+      - 'charts/pdp/**'
+
+jobs:
+  helm_test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Create k8s Kind Cluster
+        uses: helm/kind-action@v1
+
+      - name: Deploy Helm Chart in Kind Cluster
+        working-directory: ./charts/pdp
+        run: helm install pdp . --set pdp.ApiKey=${{ secrets.PDP_API_KEY }} --create-namespace --namespace pdp --wait
+
+      - name: Show PDP logs in case of failure
+        run: kubectl logs svc/permitio-pdp -n pdp
+        if: failure()
+
+      - name: Show PDP pod status
+        run: kubectl get pods -n pdp
+        if: always()

.github/workflows/test_release_skipping.yml

@@ -0,0 +1,16 @@
+name: Helm test
+
+on:
+  pull_request:
+    paths-ignore:
+      - 'charts/pdp/**'  # Ignore changes in 'charts/pdp' directory
+
+jobs:
+  helm_test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Skipping helm_test workflow
+        run: echo "Skipping helm_test since 'charts/pdp' has not been touched"